Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
move auth tests into separate behat suite
1 parent 6cfdd29, commit 3dabf04
Showing 9 changed files with 183 additions and 61 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
@api @TestAlsoOnExternalUserBackend | ||
Feature: auth | ||
|
||
Background: | ||
Given user "user0" has been created with default attributes | ||
And a new client token for "user0" has been generated | ||
|
||
@smokeTest | ||
Scenario: access files app anonymously | ||
When a user requests "/index.php/apps/files" with "GET" and no authentication | ||
Then the HTTP status code should be "401" | ||
|
||
@smokeTest | ||
Scenario: access files app with basic auth | ||
When user "user0" requests "/index.php/apps/files" with "GET" using basic auth | ||
Then the HTTP status code should be "200" | ||
|
||
@smokeTest | ||
Scenario: access files app with basic token auth | ||
When user "user0" requests "/index.php/apps/files" with "GET" using basic token auth | ||
Then the HTTP status code should be "200" | ||
|
||
@smokeTest | ||
Scenario: access files app with a client token | ||
When the user requests "/index.php/apps/files" with "GET" using the generated client token | ||
Then the HTTP status code should be "200" | ||
|
||
@smokeTest | ||
Scenario: access files app with browser session | ||
Given a new browser session for "user0" has been started | ||
When the user requests "/index.php/apps/files" with "GET" using the browser session | ||
Then the HTTP status code should be "200" | ||
|
||
@smokeTest | ||
Scenario: access files app with an app password | ||
Given a new browser session for "user0" has been started | ||
And the user has generated a new app password named "my-client" | ||
When the user requests "/index.php/apps/files" with "GET" using the generated app password | ||
Then the HTTP status code should be "200" |
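Review bot: The only rejection path in this feature is the anonymous request; the five credentialed scenarios (basic auth, basic token auth, client token, browser session, app password) assert only the 200 success case. For an auth suite, add a failing counterpart per mechanism (wrong password, an invalid or revoked token or app password) and assert 401, so that a regression which accepts any credential does not pass. The Background also generates a client token for every scenario although only "access files app with a client token" uses it; consider moving that step into the scenario.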
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
@api @TestAlsoOnExternalUserBackend | ||
Feature: auth | ||
|
||
Background: | ||
Given user "user0" has been created with default attributes | ||
And a new client token for "user0" has been generated | ||
|
||
@issue-32068 | ||
Scenario Outline: send DELETE requests to OCS endpoints as admin with wrong password | ||
Given using OCS API version "<ocs_api_version>" | ||
And group "group1" has been created | ||
When the administrator sends HTTP method "DELETE" to OCS API endpoint "<endpoint>" using password "invalid" | ||
Then the OCS status code should be "<ocs-code>" | ||
And the HTTP status code should be "<http-code>" | ||
Examples: | ||
| ocs_api_version |endpoint | ocs-code | http-code | | ||
| 1 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 | | ||
| 1 |/apps/files_sharing/api/v1/remote_shares/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/remote_shares/123 | 997 | 401 | | ||
| 1 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 | | ||
| 1 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 | | ||
| 1 |/cloud/apps/testing | 997 | 401 | | ||
| 2 |/cloud/apps/testing | 997 | 401 | | ||
| 1 |/cloud/groups/group1 | 997 | 401 | | ||
| 2 |/cloud/groups/group1 | 997 | 401 | | ||
| 1 |/cloud/users/user0 | 997 | 401 | | ||
| 2 |/cloud/users/user0 | 997 | 401 | | ||
| 1 |/cloud/users/user0/groups | 997 | 401 | | ||
| 2 |/cloud/users/user0/groups | 997 | 401 | | ||
| 1 |/cloud/users/user0/subadmins | 997 | 401 | | ||
| 2 |/cloud/users/user0/subadmins | 997 | 401 | |
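Review bot: In the DELETE outline the Then steps check only the OCS and HTTP status codes, which does not show that nothing was deleted. For the rows that target resources this scenario actually creates (/cloud/groups/group1 and /cloud/users/user0), follow the 401 assertion with a check that group1 and user0 still exist. The Background's client token for user0 is not used by this outline, and the Examples header `|endpoint` is missing the space after the pipe that the other columns have.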
61 changes: 0 additions & 61 deletions
.../acceptance/features/apiMain/auth.feature → ...tance/features/apiAuth/ocsGETAuth.feature
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
@api @TestAlsoOnExternalUserBackend | ||
Feature: auth | ||
|
||
Background: | ||
Given user "user0" has been created with default attributes | ||
And a new client token for "user0" has been generated | ||
|
||
@issue-32068 | ||
Scenario Outline: send POST requests to OCS endpoints as normal user with wrong password | ||
Given using OCS API version "<ocs_api_version>" | ||
And user "user1" has been created with default attributes | ||
When user "user0" sends HTTP method "POST" to OCS API endpoint "<endpoint>" with body using password "invalid" | ||
| data | doesnotmatter | | ||
Then the OCS status code should be "<ocs-code>" | ||
And the HTTP status code should be "<http-code>" | ||
Examples: | ||
| ocs_api_version |endpoint | ocs-code | http-code | | ||
| 1 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/remote_shares/pending/123 | 997 | 401 | | ||
| 1 |/apps/files_sharing/api/v1/shares | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/shares | 997 | 401 | | ||
| 1 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/shares/pending/123 | 997 | 401 | | ||
| 1 |/cloud/apps/testing | 997 | 401 | | ||
| 2 |/cloud/apps/testing | 997 | 401 | | ||
| 1 |/cloud/groups | 997 | 401 | | ||
| 2 |/cloud/groups | 997 | 401 | | ||
| 1 |/cloud/users | 997 | 401 | | ||
| 2 |/cloud/users | 997 | 401 | | ||
| 1 |/cloud/users/user0/groups | 997 | 401 | | ||
| 2 |/cloud/users/user0/groups | 997 | 401 | | ||
| 1 |/cloud/users/user0/subadmins | 997 | 401 | | ||
| 2 |/cloud/users/user0/subadmins | 997 | 401 | | ||
| 1 |/person/check | 101 | 200 | | ||
| 2 |/person/check | 400 | 400 | | ||
| 1 |/privatedata/deleteattribute/testing/test | 997 | 401 | | ||
| 2 |/privatedata/deleteattribute/testing/test | 997 | 401 | | ||
| 1 |/privatedata/setattribute/testing/test | 997 | 401 | | ||
| 2 |/privatedata/setattribute/testing/test | 997 | 401 | | ||
|
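Review bot: The two /person/check rows expect 101/200 and 400/400 while every other row expects 997/401, and nothing in the file says whether that is intended behaviour or the defect tracked by @issue-32068. Add a comment above those rows, or move them into their own scenario, so that a wrong password answered with HTTP 200 is not read as the desired result. The step `And user "user1" has been created with default attributes` creates a user that no later step references, so it can be dropped.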
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
@api @TestAlsoOnExternalUserBackend | ||
Feature: auth | ||
|
||
Background: | ||
Given user "user0" has been created with default attributes | ||
And a new client token for "user0" has been generated | ||
|
||
@issue-32068 | ||
Scenario Outline: send PUT requests to OCS endpoints as admin with wrong password | ||
Given using OCS API version "<ocs_api_version>" | ||
When the administrator sends HTTP method "PUT" to OCS API endpoint "<endpoint>" with body using password "invalid" | ||
| data | doesnotmatter | | ||
Then the OCS status code should be "<ocs-code>" | ||
And the HTTP status code should be "<http-code>" | ||
Examples: | ||
| ocs_api_version |endpoint | ocs-code | http-code | | ||
| 1 |/cloud/users/user0 | 997 | 401 | | ||
| 2 |/cloud/users/user0 | 997 | 401 | | ||
| 1 |/cloud/users/user0/disable | 997 | 401 | | ||
| 2 |/cloud/users/user0/disable | 997 | 401 | | ||
| 1 |/cloud/users/user0/enable | 997 | 401 | | ||
| 2 |/cloud/users/user0/enable | 997 | 401 | | ||
| 1 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 | | ||
| 2 |/apps/files_sharing/api/v1/shares/123 | 997 | 401 | | ||
|
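Review bot: The Background step `And a new client token for "user0" has been generated` is never used by the PUT outline, which authenticates as the administrator with password "invalid"; drop it here or keep it only in the features that need it. The Feature line is just `Feature: auth`, the same as in the other new files in this commit, so a failure report will not say which HTTP method was under test; a name that mentions PUT requests to OCS endpoints would help. For the /cloud/users/user0/disable rows, asserting that user0 is still enabled after the 401 would confirm the rejected request had no effect.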
File renamed without changes.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
@api @TestAlsoOnExternalUserBackend | ||
Feature: auth | ||
|
||
Background: | ||
Given user "user0" has been created with default attributes | ||
And a new client token for "user0" has been generated | ||
|
||
Scenario: using WebDAV anonymously | ||
When a user requests "/remote.php/webdav" with "PROPFIND" and no authentication | ||
Then the HTTP status code should be "401" | ||
|
||
Scenario: using WebDAV with basic auth | ||
When user "user0" requests "/remote.php/webdav" with "PROPFIND" using basic auth | ||
Then the HTTP status code should be "207" | ||
|
||
Scenario: using WebDAV with token auth | ||
When user "user0" requests "/remote.php/webdav" with "PROPFIND" using basic token auth | ||
Then the HTTP status code should be "207" | ||
|
||
# DAV token auth is not possible yet | ||
#Scenario: using WebDAV with a client token | ||
# When requesting "/remote.php/webdav" with "PROPFIND" using a client token | ||
# Then the HTTP status code should be "207" | ||
|
||
Scenario: using WebDAV with browser session | ||
Given a new browser session for "user0" has been started | ||
When the user requests "/remote.php/webdav" with "PROPFIND" using the browser session | ||
Then the HTTP status code should be "207" |
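Review bot: The commented-out client token scenario still uses the step wording `When requesting "/remote.php/webdav" with "PROPFIND" using a client token`, while the files app feature in this commit uses `When the user requests "/index.php/apps/files" with "GET" using the generated client token`, so the step may not match a definition when it is uncommented later. Update the wording now and put a reference to the tracking issue next to "DAV token auth is not possible yet". Unlike the files app feature, this file has no app password scenario and no @smokeTest tags; if that is deliberate, a short comment should say so.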